Facebook to reward people who find glitches on its security network

NEW YORK: Expose the chinks in security network of Facebook and get rewarded for it too, says the social networking site, which has already paid USD 40,000(over Rs 18 lakh) in the past three weeks to those who done it.

Facebook has launched its 'bug bounty' programme a few weeks ago, where it offered to pay for disclosure of security bugs to the company.

"A couple of years ago, we decided to formalise a 'whitehat' programme to encourage these researchers to look for bugs and report them to us ... A few weeks ago, we took that programme to the next level, we started paying rewards to those who report bugs to us," Facebook Chief Security Officer Joe Sullivan said on the official blog.

He added that the bug bounty programme was established as an effort to recognise and reward "these individuals for their good work and encourage others to join."

According to the company website, Facebook has more than 750 million active users globally. Its userbase in India stood at 25 million at the end of April this year.

Facebook has met severe criticism globally on a range of issues, including online privacy, child safety, and security loopholes. It has been working to tackle the situation, introducing new security features to counter the attacks on the website.

"The programme has already paid out more than USD 40,000 in only three weeks and one person has already received more than USD 7,000 for six different issues flagged," Sullivan said. The programme has made the site more secure, by surfacing issues large and small, introducing Facebook to novel attack vectors, and helping it improve lots of corners in its code, he added.

About forty eight people have successfully identified problems and have been acknowledged on Facebook's "whitehat" page. Facebook pays about USD 500 for reporting such issues and increases the reward for specific bugs, the blog said.

The company has also assured that even if the methods used to intrude into Facebook systems are not legal, they would not face any legal action.

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you," the blog said.